If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Has anyone ever had success with setting up a Client-to-LAN IPsec VPN and connecting to it (any client)...

I have a working LAN-to-LAN (site-to-site) IPsec tunnel running, but no matter what I do it seems like the TL-ER6020 doesn't reply to IKE requests when in aggressive mode...

I have been trying to set this up for a week now, and to me, it seems like the TL-ER6020 is FUBAR... PLEASE tell me I'm wrong...! :-)

It doesn't make sense to me that a site-to-site tunnel (also using ESP) works flawlessly, but when trying to use a Client-to-LAN setup the client receives no reply no matter which combination of proposals I use...

I have gotten IPsec VPN working client to lan. I initially did not have much luck with it but eventually deleted all ike and IPsec policies and just had the IPsec enabled check box checked alone. This allowed it to work, don't ask me why. Perhaps the policies I had set were disagreeable to the clients.

Once you get VPN'd in, you will be on a separate subnet than the main LAN subnet. I think this sucks but I haven't been able to tell whether or not it is normal among routers or if this one's just a dud.

I'm not using windows (and the Shrewsoft client is ancient on Linux), but I have been using the guides above for reference (and have been testing from a Windows box)...

I also managed to get L2TP/IPsec working, but when TP-Link say it should work with pure IPsec it should work... ;-)

If it doesn't, it's false advertising... I'm hoping they "forgot" to upload a newer firmware or something like that... :-)

For L2TP/IPsec it's perfectly normal to use a seperate IP Pool, one of the main reasons (the other big one is security!) for wanting to use pure IPsec with a pre-shared key (and choose the security level myself)... :-)

Either TP-Link forgot to mention something in the guides above (I don't think so) or the TL-ER6020 just doesn't work as advertised... The latter is not acceptable... Firmware hasn't been updated since 8/7/2012 (and if it's buggy You can't just leave Your customers in the dark about it):http://www.tp-link.com/en/support/do...rsion=V1#tbl_j

One thing that's definitely a bug (although a minor one) is that the Page Title, when connecting to the TL-ER6020 (before login), says: "TP-LINK ER5110" which tells me that the firmware used for the ER6020 is just the ER5110 firmware with added VPN support (kind of)...

I too have been beating myself up over this. The site to site vpn connections were very easy. I have followed the shrew soft instructions over and over again with no luck. Please let me know if you here back from them about this.

I have contacted tech support via email but have not had any luck with them yet. When I tried to reply to the first person that emailed me back the email was bounced back as non deliverable and I have not heard back from the second tech to email me.

We often have the same non-reply from the ER6120. We trace the packets through the ISP router and they arrive at the WAN interface of the TPLINK, but on some occasions, it just drops the packet or never responds. This is the case for VPN and HTTP traffic. Then at other times, it responds as expected and you can HTTP in and setup VPN client-server LLTP connections.

We have both WANs active at the same time, to different suppliers. Is this something teh TPLINK cannot handle, having both WANs active and responding to VPN and HTTP requests coming in?

I had the same issue before with ER6120, I contacted tech support and they said when there is NAT device between client PC and ER6120, the ER6120 won't response, maybe it's a bug, and the technical guy sent me a beta firmware, everything is working now, I think ER6020 has the same bug since it looks like the little brother of ER6120, maybe you should ask tech support for a beta firmware as well. I'm not sure, but it worth trying I think.